- 217 - 



WHAT IS CLAIMED IS: 

1. A person identification certificate link system 
comprising an entity which forms a link correlating at least 
two certificates including a public key certificate which 
stores a public key serving as a cryptographic key and which 
is generated by a certificate authority and a person 
identification certificate which stores a template serving 
as person identification data and which is generated by a 
person identification certificate authority, thereby 
specifying one related certificate based on the other 
certificate . 

2 . A person identification certificate link system 
according to Claim 1, wherein the link between the 
certificates comprises a link which relates the person 
identification certificate with the public key certificate 
of a public key applied to encrypt the template stored in 
the person identification certificate. 

3. A person identification certificate link system 
according to Claim 1, wherein the link between the 
certificates comprises a link which relates the person 
identification certificate with the public key certificate 
which are both used to establish a connection with a data 
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communication partner. 

4 . A person identification certificate link system 
according to Claim 1. wherein one of the public key 
certificate and the person identification certificate stores, 
as data, an identifier of a different certificate which is 
linked thereto. 

5 . A person identification certificate link system 
according to Claim 1, wherein one of the public key 
certificate and the person identification certificate stores, 
as data, an identifier of a link structure serving as link 
identification data and identifiers of the linked public key 
certificate and person identification certificate. 

6 . A person identification certificate link system 
according to Claim 1, wherein group information including a 
group of identifiers of the linked public key certificate 
and person identification certificate is formed and managed 
as data separate from the certificates. 

7 . A person identification certificate link system 
according to Claim 1, wherein: 

group information including a group of identifiers of 
the linked public key certificate and person identification 
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certificate is formed and managed as data separate from the 
certificates; and 

a link for specifying, based on the group information 
serving as primary information, secondary information 
related to the group information is formed. 

8. A person identification certificate link system 
according to Claim 1, wherein one of the public key 
certificate and the person identification certificate stores 
a different certificate which is linked thereto. 

9 . A person identification certificate link system 
according to Claim 1, wherein the certificate authority and 
the person identification certificate authority are formed 
as third-party agencies which are not users of the public 
key certificate and the person identification certificate. 

10. An information processing apparatus for 
authenticating a person by comparing a template which is 
person identification data acquired beforehand with sampling 
information input by a user, said information processing 
apparatus comprising an entity which encrypts and stores 
template information including the template; which obtains 
the encrypted template from a person identification 
certificate generated by a person identification certificate 
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authority, which is a third- party agency; which specifies a 
public key certificate in accordance with link information 
stored in the person Identification certificate; which 
specifies a cryptographic key to the template based on the 
specified public key certificate; and which encrypts or 
decrypts the template. 

11. An information processing apparatus for 
authenticating a person by comparing a template which is 
person identification data acquired beforehand with sampling 
information input by a user, said information processing 
apparatus comprising an entity which obtains an encrypted 
template from a person identification certificate generated 
by a person identification certificate authority, which is a 
third- party agency, and which authenticates the person based 
on the template; and which specifies a public key 
certificate in accordance with link information stored in 
the person identification certificate and which performs 
mutual authentication or encrypted data communication with a 
data communication partner based on the specified public key 
certificate. 

12. An information processing method for 
authenticating a person by comparing a template which is 
person identification data acquired beforehand with sampling 
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information input by a user, said information processing 
method comprising the steps of: 

encrypting and storing template information including 
the template and obtaining the encrypted template from a 
person identification certificate generated by a person 
identification certificate authority, which is a third-party 
agency; 

specifying a public key certificate in accordance with 
link information stored in the person identification 
certificate and specifying a cryptographic key to the 
template based on the specified public key certificate; and 

encrypting or decrypting the template. 

13. An information processing method for 
authenticating a person by comparing a template which is 
person identification data acquired beforehand with sampling 
information input by a user, said information processing 
method comprising the steps of : 

obtaining an encrypted template from a person 
identification certificate generated by a person 
identification certificate authority, which is a third-party 
agency, and authenticating the person based on the template; 
and 

specifying a public key certificate in accordance with 
link information stored in the person identification 
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certificate and performing mutual authentication or 
encrypted data communication with a data communication 
partner based on the specified public key certificate. 

14. A program providing medium for providing a 
computer program that causes a computer system to 
authenticate a person by comparing a template which is 
person identification data acquired beforehand with sampling 
information input by a user, said computer program 
comprising the steps of: 

encrypting and storing template information including 
the template and obtaining the encrypted template from a 
person identification certificate generated by a person 
identification certificate authority, which is a third-party 
agency ; 

specifying a public key certificate in accordance with 
link information stored in the person identification 
certificate and specifying a cryptographic key to the 
template based on the specified public key certificate; and 

encrypting or decrypting the template. 

15. A program providing medium for providing a 
computer program that causes a computer system to 
authenticate a person by comparing a template which is 
person identification data acquired beforehand with sampling 
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information input by a user, said computer program 
comprising the steps of: 

obtaining an encrypted template from a person 
identification certificate generated by a person 
identification certificate authority, which is a third-party 
agency, and authenticating the person based on the template; 
and 

specifying a public key certificate in accordance with 
link information stored in the person identification 
certificate and performing mutual authentication or 
encrypted data communication with a data communication 
partner based on the specified public key certificate. 



